Richard Bejtlich is director of incident response at General Electric Company in Manassas, Va. and blogs at Bejtlich.net and TaoSecurity.com. Listen to the rest of Richard's answers on Snort by downloading our Snort podcast.

"Grep" refers to the Unix utility used to identify strings in content. Snort can indeed identify various content strings via direct traffic inspection. However, Snort has far more powerful protocol analysis and traffic reconstruction capabilities that don't get as much press as its signature matching engine. Snort won't necessarily meet the needs of all clients, but anyone who wants to collect indicators of suspicious or malicious activity will find Snort exceptionally helpful.

E-Handbook

E-Handbook

E-Handbook

0 comments

E-Mail

Username / Password

Password

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy